Posted to dev@phoenix.apache.org by "James Taylor (JIRA)" <ji...@apache.org> on 2014/05/02 06:54:17 UTC
[jira] [Resolved] (PHOENIX-699) Ensure that the SQL generated for
PhoenixDatabaseMetaData.getColumns doesn't allow SQL-injection
[ https://issues.apache.org/jira/browse/PHOENIX-699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James Taylor resolved PHOENIX-699.
----------------------------------
Resolution: Fixed
Fix Version/s: 5.0.0, 4.0.0, 3.0.0
> Ensure that the SQL generated for PhoenixDatabaseMetaData.getColumns doesn't allow SQL-injection
> ------------------------------------------------------------------------------------------------
>
> Key: PHOENIX-699
> URL: https://issues.apache.org/jira/browse/PHOENIX-699
> Project: Phoenix
> Issue Type: Task
> Affects Versions: 3.0-Release
> Reporter: James Taylor
> Assignee: Julian Hyde
> Fix For: 3.0.0, 4.0.0, 5.0.0
>
>
> For example:
> PhoenixDatabaseMetaData metaData;
> metaData.getColumns(null, null, "anything' or 1 = 1 or 'anything", null);
> Ensure that the columns argument is used only as the second argument to a LIKE expression without any trailing characters.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
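
The requirement in the issue description, shown as an added example that is not Phoenix code or part of the original message: the same pattern string is run once spliced into the SQL text and once bound as the sole right-hand operand of LIKE. It assumes an in-memory SQLite table as a constructed stand-in for a metadata catalog; the table, its rows and the function names are hypothetical.

```python
import sqlite3

# Constructed stand-in for a metadata catalog; not Phoenix's actual schema.
ROWS = [
    ("ORDERS", "ID"),
    ("ORDERS", "TOTAL"),
    ("USERS", "ID"),
    ("USERS", "PASSWORD_HASH"),
]

# The pattern argument quoted in the issue description.
ISSUE_PATTERN = "anything' or 1 = 1 or 'anything"


def open_catalog():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE catalog (table_name TEXT, column_name TEXT)")
    conn.executemany("INSERT INTO catalog VALUES (?, ?)", ROWS)
    return conn


def get_columns_concatenated(conn, table_pattern):
    """'Before' form: the caller's pattern becomes part of the SQL text."""
    sql = ("SELECT table_name, column_name FROM catalog "
           "WHERE table_name LIKE '" + table_pattern + "'")
    return conn.execute(sql).fetchall()


def get_columns_bound(conn, table_pattern):
    """Hardened form: the pattern is only ever the operand of LIKE."""
    sql = ("SELECT table_name, column_name FROM catalog "
           "WHERE table_name LIKE ?")
    return conn.execute(sql, (table_pattern,)).fetchall()


def demo():
    conn = open_catalog()
    return {
        # The quote closes the literal early, so the filter is always true.
        "concatenated": len(get_columns_concatenated(conn, ISSUE_PATTERN)),
        # Treated as one literal pattern, which matches no table name.
        "bound": len(get_columns_bound(conn, ISSUE_PATTERN)),
        # Ordinary wildcard patterns keep working when bound.
        "bound_legit": len(get_columns_bound(conn, "USER%")),
    }


if __name__ == "__main__":
    print(demo())
```

A regression test for a fix of this kind can assert exactly this: the pattern from the issue returns no rows, while a normal wildcard pattern still returns the expected ones.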